palaryn 0.1.0

package/dist/src/audit/logger.js

@@ -0,0 +1,440 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditLogger = void 0;
+const crypto_1 = require("crypto");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/** Default maximum in-memory events before oldest are evicted */
+const DEFAULT_MAX_BUFFER_SIZE = 50000;
+class AuditLogger {
+    constructor(config, maxBufferSize) {
+        this.config = config;
+        this.events = [];
+        this.maxBufferSize = maxBufferSize ?? DEFAULT_MAX_BUFFER_SIZE;
+        this.logStream = null;
+        if (config.enabled && config.log_dir) {
+            if (!fs.existsSync(config.log_dir)) {
+                fs.mkdirSync(config.log_dir, { recursive: true });
+            }
+            const today = new Date().toISOString().split('T')[0];
+            const logFile = path.join(config.log_dir, `audit-${today}.jsonl`);
+            this.logStream = fs.createWriteStream(logFile, { flags: 'a' });
+            this.logStream.on('error', () => {
+                // Silently handle write errors (e.g. directory deleted during cleanup)
+                this.logStream = null;
+            });
+        }
+    }
+    /** Attach an external audit store (e.g. Redis, Postgres) for durable event persistence */
+    setStore(store) {
+        this.externalStore = store;
+    }
+    log(event) {
+        const fullEvent = {
+            ...event,
+            event_id: (0, crypto_1.randomUUID)(),
+            timestamp: new Date().toISOString(),
+        };
+        // Write-ahead pattern: persist to file stream BEFORE in-memory push.
+        // This ensures the event is durably written before the caller gets
+        // acknowledgment. If the stream write fails, we still add to memory
+        // for query purposes but log a warning about the persistence failure.
+        if (this.logStream) {
+            try {
+                this.logStream.write(JSON.stringify(fullEvent) + '\n');
+            }
+            catch (err) {
+                console.warn('Audit log stream write failed, event added to memory only:', err.message);
+            }
+        }
+        this.events.push(fullEvent);
+        // Evict oldest events if in-memory buffer exceeds capacity
+        if (this.events.length > this.maxBufferSize) {
+            this.events = this.events.slice(-this.maxBufferSize);
+        }
+        // Persist to external store (fire-and-forget write-through)
+        if (this.externalStore) {
+            this.externalStore.append(fullEvent);
+        }
+        if (this.config.console_output) {
+            console.log(JSON.stringify({
+                level: 'info',
+                event_type: fullEvent.event_type,
+                event_id: fullEvent.event_id,
+                tool_call_id: fullEvent.tool_call_id,
+                task_id: fullEvent.task_id,
+                actor_id: fullEvent.actor_id,
+                tool_name: fullEvent.tool_name,
+                timestamp: fullEvent.timestamp,
+                metadata: fullEvent.metadata,
+            }));
+        }
+        return fullEvent;
+    }
+    logToolCallReceived(toolCall) {
+        return this.log({
+            event_type: 'TOOL_CALL_RECEIVED',
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            tool_name: toolCall.tool.name,
+            metadata: {
+                capability: toolCall.tool.capability,
+                platform: toolCall.source.platform,
+                has_constraints: !!toolCall.constraints,
+                labels: toolCall.context?.labels || [],
+                args_snapshot: this.redactArgs(toolCall.args),
+            },
+        });
+    }
+    /**
+     * Retrieve the stored args snapshot for a specific tool_call_id.
+     * Returns undefined if no TOOL_CALL_RECEIVED event exists for the given id.
+     */
+    getToolCallArgs(toolCallId) {
+        const event = this.events.find(e => e.event_type === 'TOOL_CALL_RECEIVED' && e.tool_call_id === toolCallId);
+        return event?.metadata?.args_snapshot;
+    }
+    /**
+     * Deep-clone args and strip sensitive fields (headers and top-level keys).
+     */
+    redactArgs(args) {
+        const SENSITIVE_HEADERS = ['authorization', 'cookie', 'x-api-key', 'x-secret'];
+        const SENSITIVE_KEYS = ['password', 'secret', 'token', 'api_key'];
+        const cloned = JSON.parse(JSON.stringify(args));
+        // Strip sensitive top-level keys
+        for (const key of Object.keys(cloned)) {
+            if (SENSITIVE_KEYS.includes(key.toLowerCase())) {
+                cloned[key] = '[REDACTED]';
+            }
+        }
+        // Strip sensitive headers
+        if (cloned.headers && typeof cloned.headers === 'object' && !Array.isArray(cloned.headers)) {
+            const headers = cloned.headers;
+            for (const key of Object.keys(headers)) {
+                if (SENSITIVE_HEADERS.includes(key.toLowerCase())) {
+                    headers[key] = '[REDACTED]';
+                }
+            }
+        }
+        return cloned;
+    }
+    logPolicyDecided(toolCall, decision, ruleId, reasons) {
+        return this.log({
+            event_type: 'POLICY_DECIDED',
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            tool_name: toolCall.tool.name,
+            metadata: {
+                decision,
+                rule_id: ruleId,
+                reasons,
+            },
+        });
+    }
+    logDLPScanned(toolCall, detected, severity, redactionCount, redactions) {
+        return this.log({
+            event_type: 'DLP_SCANNED',
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            tool_name: toolCall.tool.name,
+            metadata: {
+                detected,
+                severity,
+                redaction_count: redactionCount,
+                findings_count: detected.length,
+                redactions: redactions?.map(r => ({
+                    path: r.path,
+                    type: r.original_type,
+                    method: r.method,
+                    masked_preview: r.masked_preview,
+                })),
+                target_url: toolCall.args?.url,
+                actor_display: toolCall.actor.display || toolCall.actor.id,
+            },
+        });
+    }
+    logBudgetChecked(toolCall, estimatedCost, spentToDate, remaining) {
+        return this.log({
+            event_type: 'BUDGET_CHECKED',
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            tool_name: toolCall.tool.name,
+            metadata: {
+                estimated_cost: estimatedCost,
+                spent_to_date: spentToDate,
+                remaining,
+                would_exceed: estimatedCost > remaining,
+            },
+        });
+    }
+    logToolExecuted(toolCall, status, durationMs, httpStatus) {
+        return this.log({
+            event_type: 'TOOL_EXECUTED',
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            tool_name: toolCall.tool.name,
+            metadata: {
+                status,
+                duration_ms: durationMs,
+                ...(httpStatus !== undefined && { http_status: httpStatus }),
+            },
+        });
+    }
+    logToolResultReturned(toolCall, status, durationMs, extraMetadata) {
+        return this.log({
+            event_type: 'TOOL_RESULT_RETURNED',
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            tool_name: toolCall.tool.name,
+            metadata: {
+                status,
+                duration_ms: durationMs,
+                ...extraMetadata,
+            },
+        });
+    }
+    logApprovalRequested(toolCall, scope, reason, ttlSeconds) {
+        return this.log({
+            event_type: 'APPROVAL_REQUESTED',
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            tool_name: toolCall.tool.name,
+            metadata: {
+                scope,
+                reason,
+                ttl_seconds: ttlSeconds,
+                expires_at: new Date(Date.now() + ttlSeconds * 1000).toISOString(),
+            },
+        });
+    }
+    logApprovalApproved(toolCall, approverId) {
+        return this.log({
+            event_type: 'APPROVAL_APPROVED',
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            tool_name: toolCall.tool.name,
+            metadata: {
+                approver_id: approverId,
+            },
+        });
+    }
+    logApprovalDenied(toolCall, approverId, reason) {
+        return this.log({
+            event_type: 'APPROVAL_DENIED',
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            tool_name: toolCall.tool.name,
+            metadata: {
+                approver_id: approverId,
+                reason,
+            },
+        });
+    }
+    logApprovalExpired(toolCall) {
+        return this.log({
+            event_type: 'APPROVAL_EXPIRED',
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            tool_name: toolCall.tool.name,
+            metadata: {},
+        });
+    }
+    logIncident(toolCall, severity, incidentType, description, recommendedAction) {
+        return this.log({
+            event_type: 'INCIDENT_RAISED',
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            tool_name: toolCall.tool.name,
+            metadata: {
+                severity,
+                incident_type: incidentType,
+                description,
+                recommended_action: recommendedAction,
+            },
+        });
+    }
+    getTaskTrace(taskId) {
+        return this.events
+            .filter(e => e.task_id === taskId)
+            .sort((a, b) => a.timestamp.localeCompare(b.timestamp));
+    }
+    getToolCallEvents(toolCallId) {
+        return this.events
+            .filter(e => e.tool_call_id === toolCallId)
+            .sort((a, b) => a.timestamp.localeCompare(b.timestamp));
+    }
+    getEventsByType(eventType) {
+        return this.events.filter(e => e.event_type === eventType);
+    }
+    getAllEvents() {
+        return [...this.events];
+    }
+    /**
+     * Batch-flush helper: corks the stream (buffers writes), executes the
+     * callback, then uncorks to flush all buffered writes in a single I/O
+     * operation. Useful when logging many events in a tight loop.
+     *
+     * When called with no arguments, drains the write stream and returns
+     * a Promise that resolves when all buffered data has been flushed to
+     * the underlying resource. Use this before close() to ensure no
+     * in-flight audit events are lost.
+     */
+    flush(fn) {
+        if (fn) {
+            this.logStream?.cork();
+            try {
+                fn();
+            }
+            finally {
+                this.logStream?.uncork();
+            }
+            return;
+        }
+        // No-arg: drain the write stream so pending writes complete
+        if (!this.logStream)
+            return Promise.resolve();
+        return new Promise((resolve) => {
+            // If the stream buffer is already empty, resolve immediately
+            if (this.logStream.writableLength === 0) {
+                resolve();
+                return;
+            }
+            this.logStream.once('drain', () => resolve());
+            // Cork and uncork to trigger a drain
+            this.logStream.cork();
+            this.logStream.uncork();
+        });
+    }
+    close() {
+        if (this.logStream) {
+            this.logStream.end();
+            this.logStream = null;
+        }
+    }
+    /** Get aggregated event statistics for a workspace within a time window */
+    getEventStats(workspaceId, hours = 24) {
+        const cutoff = new Date(Date.now() - hours * 3600000).toISOString();
+        const windowEvents = this.events.filter(e => e.workspace_id === workspaceId && e.timestamp >= cutoff);
+        // Count event types
+        const total_requests = windowEvents.filter(e => e.event_type === 'TOOL_CALL_RECEIVED').length;
+        const policyEvents = windowEvents.filter(e => e.event_type === 'POLICY_DECIDED');
+        const blocked_count = policyEvents.filter(e => e.metadata?.decision === 'deny').length;
+        const approval_count = windowEvents.filter(e => e.event_type === 'APPROVAL_REQUESTED').length;
+        const executedEvents = windowEvents.filter(e => e.event_type === 'TOOL_EXECUTED');
+        const error_count = executedEvents.filter(e => e.metadata?.status === 'error').length;
+        // Average duration from TOOL_RESULT_RETURNED
+        const resultEvents = windowEvents.filter(e => e.event_type === 'TOOL_RESULT_RETURNED');
+        const durations = resultEvents
+            .map(e => e.metadata?.duration_ms)
+            .filter((d) => typeof d === 'number');
+        const avg_duration_ms = durations.length > 0
+            ? durations.reduce((a, b) => a + b, 0) / durations.length
+            : 0;
+        // Requests per minute — use actual event timespan (first→last), min 1 minute
+        const receivedEvents = windowEvents.filter(e => e.event_type === 'TOOL_CALL_RECEIVED');
+        let requests_per_minute = 0;
+        if (receivedEvents.length >= 2) {
+            const timestamps = receivedEvents.map(e => new Date(e.timestamp).getTime()).sort((a, b) => a - b);
+            const spanMinutes = Math.max((timestamps[timestamps.length - 1] - timestamps[0]) / 60000, 1);
+            requests_per_minute = receivedEvents.length / spanMinutes;
+        }
+        else if (receivedEvents.length === 1) {
+            // Single request in window — report as 1 req/min (it happened)
+            requests_per_minute = 1;
+        }
+        // Distinct actor IDs
+        const actorIds = new Set(windowEvents.map(e => e.actor_id));
+        const active_agents = actorIds.size;
+        // Policy breakdown: group POLICY_DECIDED by decision
+        const policy_breakdown = {};
+        for (const pe of policyEvents) {
+            const decision = String(pe.metadata?.decision || 'unknown');
+            policy_breakdown[decision] = (policy_breakdown[decision] || 0) + 1;
+        }
+        // Pipeline throughput
+        const policyAllow = policyEvents.filter(e => e.metadata?.decision === 'allow' || e.metadata?.decision === 'transform').length;
+        const policyFail = policyEvents.filter(e => e.metadata?.decision === 'deny' || e.metadata?.decision === 'require_approval').length;
+        const dlpEvents = windowEvents.filter(e => e.event_type === 'DLP_SCANNED');
+        const budgetEvents = windowEvents.filter(e => e.event_type === 'BUDGET_CHECKED');
+        const execOk = executedEvents.filter(e => e.metadata?.status === 'ok').length;
+        const execFail = executedEvents.filter(e => e.metadata?.status !== 'ok').length;
+        const pipeline_throughput = [
+            { stage: 'auth', passed: total_requests, failed: 0 },
+            { stage: 'policy', passed: policyAllow, failed: policyFail },
+            { stage: 'dlp', passed: dlpEvents.length, failed: 0 },
+            { stage: 'budget', passed: budgetEvents.length, failed: 0 },
+            { stage: 'execute', passed: execOk, failed: execFail },
+        ];
+        return {
+            total_requests,
+            blocked_count,
+            approval_count,
+            error_count,
+            avg_duration_ms,
+            requests_per_minute,
+            active_agents,
+            policy_breakdown,
+            pipeline_throughput,
+        };
+    }
+    clear() {
+        this.events = [];
+    }
+}
+exports.AuditLogger = AuditLogger;
+//# sourceMappingURL=logger.js.map

package/dist/src/audit/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../../src/audit/logger.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mCAAoC;AACpC,uCAAyB;AACzB,2CAA6B;AAO7B,iEAAiE;AACjE,MAAM,uBAAuB,GAAG,KAAK,CAAC;AAEtC,MAAa,WAAW;IAOtB,YAAY,MAAmB,EAAE,aAAsB;QACrD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;QACjB,IAAI,CAAC,aAAa,GAAG,aAAa,IAAI,uBAAuB,CAAC;QAC9D,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QAEtB,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACrC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBACnC,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACpD,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,SAAS,KAAK,QAAQ,CAAC,CAAC;YAClE,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC,iBAAiB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YAC/D,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBAC9B,uEAAuE;gBACvE,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;YACxB,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,0FAA0F;IAC1F,QAAQ,CAAC,KAAiB;QACxB,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;IAC7B,CAAC;IAED,GAAG,CAAC,KAAiD;QACnD,MAAM,SAAS,GAAe;YAC5B,GAAG,KAAK;YACR,QAAQ,EAAE,IAAA,mBAAU,GAAE;YACtB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,qEAAqE;QACrE,mEAAmE;QACnE,oEAAoE;QACpE,sEAAsE;QACtE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC;YACzD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,4DAA4D,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACrG,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE5B,2DAA2D;QAC3D,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YAC5C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACvD,CAAC;QAED,4DAA4D;QAC5D,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;gBACzB,KAAK,EAAE,MAAM;gBACb,UAAU,EAAE,SAAS,CAAC,UAAU;gBAChC,QAAQ,EAAE,SAAS,CAAC,QAAQ;gBAC5B,YAAY,EAAE,SAAS,CAAC,YAAY;gBACpC,OAAO,EAAE,SAAS,CAAC,OAAO;gBAC1B,QAAQ,EAAE,SAAS,CAAC,QAAQ;gBAC5B,SAAS,EAAE,SAAS,CAAC,SAAS;gBAC9B,SAAS,EAAE,SAAS,CAAC,SAAS;gBAC9B,QAAQ,EAAE,SAAS,CAAC,QAAQ;aAC7B,CAAC,CAAC,CAAC;QACN,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,mBAAmB,CAAC,QAAkB;QACpC,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE;YAC3B,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;YAC7B,QAAQ,EAAE;gBACR,UAAU,EAAE,QAAQ,CAAC,IAAI,CAAC,UAAU;gBACpC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,QAAQ;gBAClC,eAAe,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW;gBACvC,MAAM,EAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE;gBACtC,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;aAC9C;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,eAAe,CAAC,UAAkB;QAChC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAC5B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,oBAAoB,IAAI,CAAC,CAAC,YAAY,KAAK,UAAU,CAC5E,CAAC;QACF,OAAO,KAAK,EAAE,QAAQ,EAAE,aAAoD,CAAC;IAC/E,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,IAA6B;QAC9C,MAAM,iBAAiB,GAAG,CAAC,eAAe,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;QAC/E,MAAM,cAAc,GAAG,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAA4B,CAAC;QAE3E,iCAAiC;QACjC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC/C,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,IAAI,MAAM,CAAC,OAAO,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3F,MAAM,OAAO,GAAG,MAAM,CAAC,OAAkC,CAAC;YAC1D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBAClD,OAAO,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;gBAC9B,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,gBAAgB,CAAC,QAAkB,EAAE,QAAgB,EAAE,MAAc,EAAE,OAAiB;QACtF,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,UAAU,EAAE,gBAAgB;YAC5B,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE;YAC3B,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;YAC7B,QAAQ,EAAE;gBACR,QAAQ;gBACR,OAAO,EAAE,MAAM;gBACf,OAAO;aACR;SACF,CAAC,CAAC;IACL,CAAC;IAED,aAAa,CAAC,QAAkB,EAAE,QAAkB,EAAE,QAAgB,EAAE,cAAsB,EAAE,UAA2B;QACzH,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,UAAU,EAAE,aAAa;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE;YAC3B,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;YAC7B,QAAQ,EAAE;gBACR,QAAQ;gBACR,QAAQ;gBACR,eAAe,EAAE,cAAc;gBAC/B,cAAc,EAAE,QAAQ,CAAC,MAAM;gBAC/B,UAAU,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBAChC,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,IAAI,EAAE,CAAC,CAAC,aAAa;oBACrB,MAAM,EAAE,CAAC,CAAC,MAAM;oBAChB,cAAc,EAAE,CAAC,CAAC,cAAc;iBACjC,CAAC,CAAC;gBACH,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE,GAAG;gBAC9B,aAAa,EAAE,QAAQ,CAAC,KAAK,CAAC,OAAO,IAAI,QAAQ,CAAC,KAAK,CAAC,EAAE;aAC3D;SACF,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB,CAAC,QAAkB,EAAE,aAAqB,EAAE,WAAmB,EAAE,SAAiB;QAChG,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,UAAU,EAAE,gBAAgB;YAC5B,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE;YAC3B,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;YAC7B,QAAQ,EAAE;gBACR,cAAc,EAAE,aAAa;gBAC7B,aAAa,EAAE,WAAW;gBAC1B,SAAS;gBACT,YAAY,EAAE,aAAa,GAAG,SAAS;aACxC;SACF,CAAC,CAAC;IACL,CAAC;IAED,eAAe,CAAC,QAAkB,EAAE,MAAc,EAAE,UAAkB,EAAE,UAAmB;QACzF,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,UAAU,EAAE,eAAe;YAC3B,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE;YAC3B,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;YAC7B,QAAQ,EAAE;gBACR,MAAM;gBACN,WAAW,EAAE,UAAU;gBACvB,GAAG,CAAC,UAAU,KAAK,SAAS,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;aAC7D;SACF,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB,CAAC,QAAkB,EAAE,MAAc,EAAE,UAAkB,EAAE,aAAuC;QACnH,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,UAAU,EAAE,sBAAsB;YAClC,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE;YAC3B,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;YAC7B,QAAQ,EAAE;gBACR,MAAM;gBACN,WAAW,EAAE,UAAU;gBACvB,GAAG,aAAa;aACjB;SACF,CAAC,CAAC;IACL,CAAC;IAED,oBAAoB,CAAC,QAAkB,EAAE,KAAa,EAAE,MAAc,EAAE,UAAkB;QACxF,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE;YAC3B,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;YAC7B,QAAQ,EAAE;gBACR,KAAK;gBACL,MAAM;gBACN,WAAW,EAAE,UAAU;gBACvB,UAAU,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;aACnE;SACF,CAAC,CAAC;IACL,CAAC;IAED,mBAAmB,CAAC,QAAkB,EAAE,UAAkB;QACxD,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,UAAU,EAAE,mBAAmB;YAC/B,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE;YAC3B,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;YAC7B,QAAQ,EAAE;gBACR,WAAW,EAAE,UAAU;aACxB;SACF,CAAC,CAAC;IACL,CAAC;IAED,iBAAiB,CAAC,QAAkB,EAAE,UAAkB,EAAE,MAAc;QACtE,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,UAAU,EAAE,iBAAiB;YAC7B,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE;YAC3B,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;YAC7B,QAAQ,EAAE;gBACR,WAAW,EAAE,UAAU;gBACvB,MAAM;aACP;SACF,CAAC,CAAC;IACL,CAAC;IAED,kBAAkB,CAAC,QAAkB;QACnC,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,UAAU,EAAE,kBAAkB;YAC9B,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE;YAC3B,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;YAC7B,QAAQ,EAAE,EAAE;SACb,CAAC,CAAC;IACL,CAAC;IAED,WAAW,CAAC,QAAkB,EAAE,QAA0B,EAAE,YAAoB,EAAE,WAAmB,EAAE,iBAAyB;QAC9H,OAAO,IAAI,CAAC,GAAG,CAAC;YACd,UAAU,EAAE,iBAAiB;YAC7B,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,EAAE;YAC3B,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;YAC7B,QAAQ,EAAE;gBACR,QAAQ;gBACR,aAAa,EAAE,YAAY;gBAC3B,WAAW;gBACX,kBAAkB,EAAE,iBAAiB;aACtC;SACF,CAAC,CAAC;IACL,CAAC;IAED,YAAY,CAAC,MAAc;QACzB,OAAO,IAAI,CAAC,MAAM;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC;aACjC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,iBAAiB,CAAC,UAAkB;QAClC,OAAO,IAAI,CAAC,MAAM;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,UAAU,CAAC;aAC1C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,eAAe,CAAC,SAAoB;QAClC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC;IAC7D,CAAC;IAED,YAAY;QACV,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,EAAe;QACnB,IAAI,EAAE,EAAE,CAAC;YACP,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC;YACvB,IAAI,CAAC;gBACH,EAAE,EAAE,CAAC;YACP,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;YAC3B,CAAC;YACD,OAAO;QACT,CAAC;QAED,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;QAC9C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YACnC,6DAA6D;YAC7D,IAAI,IAAI,CAAC,SAAU,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;gBACzC,OAAO,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YACD,IAAI,CAAC,SAAU,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/C,qCAAqC;YACrC,IAAI,CAAC,SAAU,CAAC,IAAI,EAAE,CAAC;YACvB,IAAI,CAAC,SAAU,CAAC,MAAM,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK;QACH,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC;YACrB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACxB,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,aAAa,CAAC,WAAmB,EAAE,QAAgB,EAAE;QAWnD,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QACpE,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CACrC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,WAAW,IAAI,CAAC,CAAC,SAAS,IAAI,MAAM,CAC7D,CAAC;QAEF,oBAAoB;QACpB,MAAM,cAAc,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,oBAAoB,CAAC,CAAC,MAAM,CAAC;QAC9F,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,gBAAgB,CAAC,CAAC;QACjF,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACvF,MAAM,cAAc,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,oBAAoB,CAAC,CAAC,MAAM,CAAC;QAC9F,MAAM,cAAc,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,eAAe,CAAC,CAAC;QAClF,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;QAEtF,6CAA6C;QAC7C,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,sBAAsB,CAAC,CAAC;QACvF,MAAM,SAAS,GAAG,YAAY;aAC3B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC;aACjC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;QACrD,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC;YAC1C,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,SAAS,CAAC,MAAM;YACzD,CAAC,CAAC,CAAC,CAAC;QAEN,6EAA6E;QAC7E,MAAM,cAAc,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,oBAAoB,CAAC,CAAC;QACvF,IAAI,mBAAmB,GAAG,CAAC,CAAC;QAC5B,IAAI,cAAc,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAClG,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC;YAC7F,mBAAmB,GAAG,cAAc,CAAC,MAAM,GAAG,WAAW,CAAC;QAC5D,CAAC;aAAM,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvC,+DAA+D;YAC/D,mBAAmB,GAAG,CAAC,CAAC;QAC1B,CAAC;QAED,qBAAqB;QACrB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC5D,MAAM,aAAa,GAAG,QAAQ,CAAC,IAAI,CAAC;QAEpC,qDAAqD;QACrD,MAAM,gBAAgB,GAA2B,EAAE,CAAC;QACpD,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,IAAI,SAAS,CAAC,CAAC;YAC5D,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACrE,CAAC;QAED,sBAAsB;QACtB,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CACrC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,QAAQ,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,KAAK,WAAW,CAC9E,CAAC,MAAM,CAAC;QACT,MAAM,UAAU,GAAG,YAAY,CAAC,MAAM,CACpC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,QAAQ,KAAK,MAAM,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,KAAK,kBAAkB,CACpF,CAAC,MAAM,CAAC;QACT,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,aAAa,CAAC,CAAC;QAC3E,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,gBAAgB,CAAC,CAAC;QACjF,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAC9E,MAAM,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAEhF,MAAM,mBAAmB,GAAG;YAC1B,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC,EAAE;YACpD,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE;YAC5D,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE;YACrD,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE;YAC3D,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;SACvD,CAAC;QAEF,OAAO;YACL,cAAc;YACd,aAAa;YACb,cAAc;YACd,WAAW;YACX,eAAe;YACf,mBAAmB;YACnB,aAAa;YACb,gBAAgB;YAChB,mBAAmB;SACpB,CAAC;IACJ,CAAC;IAED,KAAK;QACH,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;IACnB,CAAC;CACF;AA5cD,kCA4cC"}

package/dist/src/auth/index.d.ts

@@ -0,0 +1,6 @@
+export * from './pkce';
+export * from './password';
+export * from './providers';
+export * from './session';
+export * from './routes';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC;AACvB,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,WAAW,CAAC;AAC1B,cAAc,UAAU,CAAC"}

package/dist/src/auth/index.js

@@ -0,0 +1,22 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./pkce"), exports);
+__exportStar(require("./password"), exports);
+__exportStar(require("./providers"), exports);
+__exportStar(require("./session"), exports);
+__exportStar(require("./routes"), exports);
+//# sourceMappingURL=index.js.map

package/dist/src/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAuB;AACvB,6CAA2B;AAC3B,8CAA4B;AAC5B,4CAA0B;AAC1B,2CAAyB"}

package/dist/src/auth/password.d.ts

@@ -0,0 +1,3 @@
+export declare function hashPassword(password: string): Promise<string>;
+export declare function verifyPassword(password: string, stored: string): Promise<boolean>;
+//# sourceMappingURL=password.d.ts.map

package/dist/src/auth/password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../../src/auth/password.ts"],"names":[],"mappings":"AAOA,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAIpE;AAED,wBAAsB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOvF"}

package/dist/src/auth/password.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hashPassword = hashPassword;
+exports.verifyPassword = verifyPassword;
+const crypto_1 = require("crypto");
+const util_1 = require("util");
+const scryptAsync = (0, util_1.promisify)(crypto_1.scrypt);
+const SALT_LENGTH = 16;
+const KEY_LENGTH = 64;
+async function hashPassword(password) {
+    const salt = (0, crypto_1.randomBytes)(SALT_LENGTH).toString('hex');
+    const hash = (await scryptAsync(password, salt, KEY_LENGTH)).toString('hex');
+    return `${salt}:${hash}`;
+}
+async function verifyPassword(password, stored) {
+    const [salt, hash] = stored.split(':');
+    if (!salt || !hash)
+        return false;
+    const derived = await scryptAsync(password, salt, KEY_LENGTH);
+    const storedBuf = Buffer.from(hash, 'hex');
+    if (derived.length !== storedBuf.length)
+        return false;
+    return (0, crypto_1.timingSafeEqual)(derived, storedBuf);
+}
+//# sourceMappingURL=password.js.map

package/dist/src/auth/password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.js","sourceRoot":"","sources":["../../../src/auth/password.ts"],"names":[],"mappings":";;AAOA,oCAIC;AAED,wCAOC;AApBD,mCAA8D;AAC9D,+BAAiC;AAEjC,MAAM,WAAW,GAAG,IAAA,gBAAS,EAAC,eAAM,CAAC,CAAC;AACtC,MAAM,WAAW,GAAG,EAAE,CAAC;AACvB,MAAM,UAAU,GAAG,EAAE,CAAC;AAEf,KAAK,UAAU,YAAY,CAAC,QAAgB;IACjD,MAAM,IAAI,GAAG,IAAA,oBAAW,EAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtD,MAAM,IAAI,GAAG,CAAC,MAAM,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,CAAY,CAAA,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACvF,OAAO,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;AAC3B,CAAC;AAEM,KAAK,UAAU,cAAc,CAAC,QAAgB,EAAE,MAAc;IACnE,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACjC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,CAAW,CAAC;IACxE,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACtD,OAAO,IAAA,wBAAe,EAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAC7C,CAAC"}

package/dist/src/auth/pkce.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Generate a PKCE code_verifier (43-128 character random string).
+ */
+export declare function generateCodeVerifier(): string;
+/**
+ * Generate a PKCE code_challenge from a code_verifier (S256 method).
+ */
+export declare function generateCodeChallenge(verifier: string): string;
+/**
+ * Generate a cryptographically random nonce for OAuth state.
+ */
+export declare function generateNonce(): string;
+//# sourceMappingURL=pkce.d.ts.map

package/dist/src/auth/pkce.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../../../src/auth/pkce.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAE7C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE9D;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAEtC"}

package/dist/src/auth/pkce.js

@@ -0,0 +1,58 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateCodeVerifier = generateCodeVerifier;
+exports.generateCodeChallenge = generateCodeChallenge;
+exports.generateNonce = generateNonce;
+const crypto = __importStar(require("crypto"));
+/**
+ * Generate a PKCE code_verifier (43-128 character random string).
+ */
+function generateCodeVerifier() {
+    return crypto.randomBytes(32).toString('base64url');
+}
+/**
+ * Generate a PKCE code_challenge from a code_verifier (S256 method).
+ */
+function generateCodeChallenge(verifier) {
+    return crypto.createHash('sha256').update(verifier).digest('base64url');
+}
+/**
+ * Generate a cryptographically random nonce for OAuth state.
+ */
+function generateNonce() {
+    return crypto.randomBytes(32).toString('hex');
+}
+//# sourceMappingURL=pkce.js.map

package/dist/src/auth/pkce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../../../src/auth/pkce.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,oDAEC;AAKD,sDAEC;AAKD,sCAEC;AArBD,+CAAiC;AAEjC;;GAEG;AACH,SAAgB,oBAAoB;IAClC,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,QAAgB;IACpD,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAC1E,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa;IAC3B,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAChD,CAAC"}

package/dist/src/auth/providers.d.ts

@@ -0,0 +1,28 @@
+import { OAuthProfile, GoogleOAuthProvider, GitHubOAuthProvider } from '../types/user';
+export declare function buildGoogleAuthUrl(config: GoogleOAuthProvider, redirectUri: string, state: string, codeVerifier: string): {
+    url: string;
+    code_verifier: string;
+    code_challenge: string;
+};
+export declare function exchangeGoogleCode(config: GoogleOAuthProvider, redirectUri: string, code: string, codeVerifier: string): Promise<{
+    access_token: string;
+    refresh_token?: string;
+    expires_in: number;
+    id_token?: string;
+}>;
+export declare function getGoogleUserInfo(accessToken: string): Promise<OAuthProfile>;
+export declare function buildGitHubAuthUrl(config: GitHubOAuthProvider, redirectUri: string, state: string): string;
+export declare function exchangeGitHubCode(config: GitHubOAuthProvider, code: string): Promise<{
+    access_token: string;
+    token_type: string;
+    scope: string;
+}>;
+export declare function getGitHubUserInfo(accessToken: string): Promise<OAuthProfile>;
+export type ProviderConfig = {
+    provider: 'google';
+    config: GoogleOAuthProvider;
+} | {
+    provider: 'github';
+    config: GitHubOAuthProvider;
+};
+//# sourceMappingURL=providers.d.ts.map

package/dist/src/auth/providers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"providers.d.ts","sourceRoot":"","sources":["../../../src/auth/providers.ts"],"names":[],"mappings":"AAGA,OAAO,EAAiB,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AA2CtG,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG;IACzH,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;CACxB,CAkBA;AAED,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC;IACtI,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC,CAoBD;AAED,wBAAsB,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAelF;AAMD,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAQ1G;AAED,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,mBAAmB,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IAC3F,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC,CAwBD;AAED,wBAAsB,iBAAiB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAqClF;AAMD,MAAM,MAAM,cAAc,GAAG;IAC3B,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,mBAAmB,CAAC;CAC7B,GAAG;IACF,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,mBAAmB,CAAC;CAC7B,CAAC"}